diff --git a/roles/default.nix b/roles/default.nix
index b134c3c..234a15f 100644
--- a/roles/default.nix
+++ b/roles/default.nix
@@ -21,6 +21,14 @@ in
 };
 services.timesyncd.enable = true;
 services.fail2ban.enable = true;
+ # ban repeat offenders longer
+ services.fail2ban.jails.recidive = ''
+ filter = recidive
+ action = iptables-allports[name=recidive]
+ maxretry = 5
+ bantime = 604800 ; 1 week
+ findtime = 86400 ; 1 day
+ '';
 users.extraUsers.yorick = {
 isNormalUser = true;
 uid = 1000;
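Review bot: The new `recidive` jail sets neither `logpath` nor `backend`, so whether it ever sees fail2ban's own ban messages depends on defaults defined outside this hunk. If they do not point at the place fail2ban logs to, the jail will load but never ban, so it is worth checking `fail2ban-client status recidive` after deployment. A one-week all-ports ban also makes an accidental lockout expensive, and no allowlist is visible here. Consider adding a line such as `ignoreip = 127.0.0.1/8 <ADMIN_CIDR_PLACEHOLDER>` to the jail body. The inline `; 1 week` and `; 1 day` comments rely on the config parser stripping inline comments; putting them on their own `#` lines above each setting avoids that dependency. The enclosing attribute set starts before this hunk and continues after it.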